Nftables: Difference between revisions
GregoryPower (talk | contribs) m add link to nftables wiki
GregoryPower (talk | contribs) m add hyperlink
Latest revision as of 17:53, 24 May 2026
This page is a work in progress; please refer to the nftables wiki, netfilter.org's webpage on the nftables project, or the archlinux wiki page for nftables.
Enabling nftables via options
The networking.nftables.enable option controls whether nftables is enabled and, if so, whether the firewall is nftables based. nftables is a Linux-based packet filtering framework intended to replace frameworks like iptables.
Note that if you have Docker enabled you will not be able to use nftables without intervention. Docker uses iptables internally to set up NAT for containers. This module disables the ip_tables kernel module; however, Docker automatically loads it again. See https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273 for more information.
Other programs, such as libvirt, also use iptables internally. For information on how the two firewalls interact, see the nftables wiki FAQ answer to "How do nftables and iptables interact when used on the same system?".
Some network configurations may prevent VMs from having network access; see https://wiki.nixos.org/wiki/Networking#Virtualization.
networking.nftables.enable = true;
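The following is an added example (not part of the original wiki page or of the NixOS module) showing what enabling the option looks like in a complete NixOS configuration module together with a minimal default-deny ruleset supplied through networking.nftables.ruleset. It assumes that SSH on TCP port 22 is the only inbound service that should stay reachable and that the NixOS firewall module is turned off so that the hand-written ruleset is the only one loaded; adjust both to taste.

```nix
# Added example: a NixOS module that switches the host to nftables and loads
# a small default-deny ruleset. Assumptions: SSH on port 22 is the only
# inbound service to keep open, and networking.firewall is disabled so the
# ruleset below is the only set of rules applied.
{ config, lib, pkgs, ... }:

{
  # Turn on nftables; this is the option the page describes.
  networking.nftables.enable = true;

  # Assumption: disable the NixOS firewall module so it does not add its own
  # nftables table alongside the hand-written one below.
  networking.firewall.enable = false;

  # The ruleset is plain nft syntax and is loaded atomically at activation.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input {
        type filter hook input priority 0; policy drop;

        # Loopback traffic is always allowed.
        iif "lo" accept

        # Replies to connections this host initiated; drop malformed state.
        ct state established,related accept
        ct state invalid drop

        # ICMP/ICMPv6 are needed for path MTU discovery and IPv6 neighbour discovery.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # Assumption: SSH is the only inbound service that should be reachable.
        tcp dport 22 accept
      }

      chain forward {
        # This host does not route for anyone; containers/VMs need their own rules.
        type filter hook forward priority 0; policy drop;
      }

      chain output {
        type filter hook output priority 0; policy accept;
      }
    }
  '';
}
```

After nixos-rebuild switch, nft list ruleset prints the rules actually in the kernel, which is the quickest way to confirm that nothing else (for instance Docker or libvirt re-adding iptables rules, as the page warns) has altered the picture; lsmod shows whether the ip_tables module has been loaded again despite this module disabling it.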